Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3947 matches found

CVE
CVEadded 2026/03/03 10:10 p.m.16 views

CVE-2026-24898

OpenEMR before version 8.0.0 contains an unauthenticated disclosure in the MedEx callback endpoint. The endpoint bypasses authentication ($ignoreAuth = true) and returns the full JSON response, including MedEx API tokens, when a callback_key is posted. This enables unauthenticated visitors to obt...

10CVSS6AI score0.00081EPSS
Exploits1References2Affected Software1
CNNVD
CNNVDadded 2026/03/03 12:0 a.m.2 views

OpenEMR 授权问题漏洞

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Versions of OpenEMR prior to 8.0.0 contained vulnerabilities...

10CVSS5.8AI score0.00081EPSS
Exploits1References2
RedhatCVE
RedhatCVEadded 2026/03/02 4:19 p.m.3 views

CVE-2026-3195

A flaw was found in QEMU. When reading input audio in the virtio-snd device input callback, the virtiosndpcmincb function did not check whether the iov could fit the data buffer, potentially leading to a heap out-of-bounds write. This issue exists due to an incomplete fix for CVE-2024-7730...

7.8CVSS5.8AI score0.00038EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2026/03/02 4:18 a.m.2 views

CVE-2026-28415

A flaw was found in Gradio, an open-source Python package. The redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter. A remote attacker can exploit this vulnerability by crafting a malicious URL, leading to an open redirect. This allows the attacker to...

4.7CVSS5.9AI score0.00013EPSS
Exploits0References4
Vulnrichment
Vulnrichmentadded 2026/02/27 9:44 p.m.2 views

CVE-2026-28415 Gradio has Open Redirect in OAuth Flow

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback...

4.3CVSS6AI score0.00013EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 2026/02/27 9:44 p.m.6 views

CVE-2026-28415

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback...

4.7CVSS6AI score0.00013EPSS
Exploits0References2Affected Software1
EUVD
EUVDadded 2026/02/27 9:44 p.m.3 views

EUVD-2026-9083

Gradio is an open-source Python package designed for quick prototyping. Prior to version 6.6.0, the redirecttotarget function in Gradio's OAuth flow accepts an unvalidated targeturl query parameter, allowing redirection to arbitrary external URLs. This affects the /logout and /login/callback...

4.3CVSS6AI score0.00013EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/02/27 12:0 a.m.5 views

PT-2026-22414

Name of the Vulnerable Software and Affected Versions Gradio versions prior to 6.6.0 Description Gradio is a Python package for rapid prototyping. A flaw exists in the OAuth flow where the redirect to target function does not properly validate the target url query parameter. This allows redirecti...

4.3CVSS6AI score0.00013EPSS
Exploits0References5
CNNVD
CNNVDadded 2026/02/27 12:0 a.m.3 views

WordPress plugin WP Recipe Maker 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.9AI score0.00095EPSS
Exploits0References5
RedhatCVE
RedhatCVEadded 2026/02/26 10:14 a.m.5 views

CVE-2026-1929

The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.37. This is due to the use of calluserfuncarray with user-controlled callback and parameters in the getselectoptionvalues AJAX handler without an allowlist of permitted...

8.8CVSS6.2AI score0.00361EPSS
Exploits0References1
NVD
NVDadded 2026/02/26 8:16 a.m.8 views

CVE-2026-1698

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

6.1CVSS0.00056EPSS
Exploits0References1
Vulnrichment
Vulnrichmentadded 2026/02/26 7:58 a.m.4 views

CVE-2026-1698 HTTP Host header vulnerability in WebClient and WebScheduler web apps

A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints...

5.3CVSS5.5AI score0.00056EPSS
Exploits0References1
Patchstack
Patchstackadded 2026/02/26 1:28 a.m.3 views

WordPress Advanced Woo Labels plugin <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter vulnerability

Authenticated Contributor+ Remote Code Execution via 'callback' Parameter vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - cyberdogzmarketing.com | krei.dev | ogbuilders.io in WordPress Plugin Advanced Woo Labels versions = 2.36...

8.8CVSS5.6AI score0.00361EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linuxadded 2026/02/25 3:20 p.m.3 views

kernel: Bluetooth: hci_event: call disconnect callback before deleting conn

A flaw was found in the Linux kernel in which a callback is not called when a Bluetooth peripheral is disconnected. This flaw leads to a use-after-free, which an attacker could use to escalate their privileges, corrupt system memory, or otherwise cause a denial of service...

7.8CVSS5.7AI score0.00008EPSS
Exploits0References5
EUVD
EUVDadded 2026/02/25 9:30 a.m.6 views

EUVD-2026-8631

The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.37. This is due to the use of calluserfuncarray with user-controlled callback and parameters in the getselectoptionvalues AJAX handler without an allowlist of permitted...

8.8CVSS6.2AI score0.00361EPSS
Exploits0References6
NVD
NVDadded 2026/02/25 9:16 a.m.5 views

CVE-2026-1929

The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.37. This is due to the use of calluserfuncarray with user-controlled callback and parameters in the getselectoptionvalues AJAX handler without an allowlist of permitted...

8.8CVSS0.00361EPSS
Exploits0References5
CVE
CVEadded 2026/02/25 8:25 a.m.12 views

CVE-2026-1929

The CVE-2026-1929 entry describes a Remote Code Execution in the WordPress plugin Advanced Woo Labels (vulnerable up to and including 2.37). The issue arises in the AJAX handler (get_select_option_values) where the code calls call_user_func_array() with a user-controlled callback and parameters, ...

8.8CVSS6.2AI score0.00361EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/02/25 8:25 a.m.3 views

CVE-2026-1929 Advanced Woo Labels <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter

The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.37. This is due to the use of calluserfuncarray with user-controlled callback and parameters in the getselectoptionvalues AJAX handler without an allowlist of permitted...

8.8CVSS6.2AI score0.00361EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/02/25 8:25 a.m.20 views

CVE-2026-1929 Advanced Woo Labels <= 2.37 - Authenticated (Contributor+) Remote Code Execution via 'callback' Parameter

The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.37. This is due to the use of calluserfuncarray with user-controlled callback and parameters in the getselectoptionvalues AJAX handler without an allowlist of permitted...

8.8CVSS0.00361EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/02/25 8:25 a.m.3 views

CVE-2026-1929

The Advanced Woo Labels plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.37. This is due to the use of calluserfuncarray with user-controlled callback and parameters in the getselectoptionvalues AJAX handler without an allowlist of permitted...

8.8CVSS6.2AI score0.00361EPSS
Exploits0References6
Rows per page
Query Builder